diff --git a/README.md b/README.md index cb14c0d..5021dd9 100644 --- a/README.md +++ b/README.md @@ -38,4 +38,5 @@ todo 13. FileMap.md ## Changelog -- reduced random data to 2x 10Kb \ No newline at end of file +- reduced random data to 2x 10Kb +- reduced random data to 2x 1Kb \ No newline at end of file diff --git a/create-attributable-archive.sh b/create-attributable-archive.sh index 9857fba..062b6f2 100755 --- a/create-attributable-archive.sh +++ b/create-attributable-archive.sh @@ -34,7 +34,7 @@ reset() { shred -uz private_* checkcode $? fi - + if compgen -G "attribution_passphrase_*" > /dev/null; then printf "nuking errant attribution passphrase files" shred -uz attribution_passphrase_* @@ -49,9 +49,11 @@ reset() { printf "making out dir structure..." mkdir -p "$inner_dir" checkcode $? + printf "updating $inner_dir/READMD.md..." echo "put files to verifiably archive in here" > "$inner_dir/README.md" checkcode $? + printf "updating $out_dir/README.md..." echo "# todo: make this nice" > "$out_dir/README.md" checkcode $? @@ -59,12 +61,15 @@ reset() { printf "making "$out_dir"/test_validate_passphrase.sh..." cp test_validate_passphrase.txt "$out_dir/test_validate_passphrase.sh" checkcode $? + printf "making $out_dir/test_validate_passphrase.sh executable..." chmod +x "$out_dir/test_validate_passphrase.sh" checkcode $? + printf "making $out_dir/verify-everything.sh..." cp verify-everything.txt "$out_dir"/verify-everything.sh checkcode $? + printf "making $out_dir/verify-everything.sh executable"... chmod +x "$out_dir/verify-everything.sh" checkcode $? 
@@ -74,12 +79,15 @@ reset() { printf "changing ownership of $dir to ${USER}..." chown $USER:$USER -R "$dir" checkcode $? + printf "changing permissions on $dir to 700..." chmod 700 "$dir" checkcode $? + printf "finding and shredding erroneous dirs in ${dir}..." find "$dir" -mindepth 1 -type d -exec srm -r -z -l -l "{}" \; checkcode $? + printf "changing perms of files in $dir to 600..." find "$dir" -type f -exec chmod 600 "{}" \; checkcode $? @@ -91,21 +99,27 @@ reset checkcode $? printf "ssh-keygen: makin new key: ${key_path}..." -ssh-keygen -t ed25519 -f "$key_path" -C "anonymous" -N "" +ssh-keygen -t ed25519 -f "$key_path" -C "anonymous" -N "" > /dev/null 2>&1 checkcode $? + printf "ssh-keygen: changing ownership on $key_path and $key_path.pub..." -chown $USER:$USER "$key_path" "$key_path.pub" +chown $USER:$USER "$key_path" "$key_path.pub" > /dev/null 2>&1 +checkcode $? + printf "ssh-keygen: fixing perms on $key_path and $key_path.pub..." -chmod 600 "$key_path" "$key_path.pub" +chmod 600 "$key_path" "$key_path.pub" > /dev/null 2>&1 +checkcode $? + printf "ssh-keygen: creating $out_dir/anonymous_signer..." echo "anonymous namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer" checkcode $? printf "random: adding 1/2 random blocks of data to inner archive..." -dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1K count=10 > /dev/null 2>&1 +dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1K count=1 > /dev/null 2>&1 checkcode $? + printf "random: adding 2/3 random blocks of data to outer archive..." -dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1K count=10 > /dev/null 2>&1 +dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1K count=1 > /dev/null 2>&1 checkcode $? printf "7z: compressing inner volume..." 
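Review bot: Sending stderr to /dev/null on the `ssh-keygen`, `chown` and `chmod` lines in the `@@ -91,21 +99,27 @@` hunk leaves the operator with only the status reported by `checkcode $?` when key generation fails, and no reason for the failure. ssh-keygen also asks for confirmation before overwriting an existing key file, so if `$key_path` (set outside this hunk) survives the earlier `reset`, that prompt would be hidden and the run would appear to hang. `-q` silences the normal output while keeping errors visible: `ssh-keygen -q -t ed25519 -f "$key_path" -C "anonymous" -N ""`. Quoting the owner argument as `"$USER:$USER"` on the chown line would also prevent word splitting.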
@@ -121,22 +135,25 @@ ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" > / checkcode $? printf "changing directory to ${out_dir}..." -cd "$out_dir" +cd "$out_dir" > /dev/null 2>&1 checkcode $? + printf "sha512: generating sha512 checksums of files in out..." sha512sum * > "checksums.sha512" checkcode $? + printf "changing directory back..." -cd .. +cd .. > /dev/null 2>&1 checkcode $? -# echo +echo echo "Enter attribution passphrase:" read -r -s attribution_passphrase echo echo "Enter attribution passphrase again:" read -r -s attribution_passphrase_check echo + if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1 exit 1 
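Review bot: The mismatch branch at the end of this hunk still writes its message with `> /dev/null 2>&1`, so a user who mistypes the attribution passphrase gets `exit 1` with no explanation; the keystore mismatch message in the `@@ -178,22 +208,24 @@` hunk has the same problem. Send the message to stderr instead: `echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" >&2`. Separately, the new redirect on `cd "$out_dir"` discards the error text. Whether `sha512sum *` can then run in the wrong directory depends on `checkcode`, defined outside this diff, stopping the script on a non-zero status.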
@@ -144,29 +161,42 @@ else echo -e "attribution_passphrase: \033[0;32mOK!\033[0m" echo "$attribution_passphrase" > "attribution_passphrase_${unix_seconds}.txt" fi + +printf "unsetting attribution_passphrase_check" unset attribution_passphrase_check > /dev/null 2>&1 +checkcode $? + +printf "calculating attribution passphrase and hash, then placing it" { printf "$attribution_passphrase" cat "$out_dir/contents.7z" } | sha512sum | awk '{print $1}' > "$out_dir/attribution-checksum.sha512" -unset attribution_passphrase > /dev/null 2>&1 +checkcode $? printf "sanity checking: changing working directory to ${out_dir}..." -cd "$out_dir" +cd "$out_dir" > /dev/null 2>&1 checkcode $? + printf "sanity checking: verification..." -bash verify-everything.sh +bash verify-everything.sh "$attribution_passhrase" checkcode $? + printf "sanity checking: validate attribution passphrase..." bash test_validate_passphrase.sh "$attribution_passphrase" checkcode $? + printf "sanity checking: returning..." cd .. checkcode $? +printf "unsetting attribution_passphrase" +unset attribution_passphrase > /dev/null 2>&1 +checkcode $? + printf "7z archiving outer dir..." 7z a "./out.7z" "$out_dir" > /dev/null 2>&1 checkcode $? + printf "moving out.7z to archives..." mv out.7z "archives/verifiable_archive_${unix_seconds}.7z" > /dev/null 2>&1 checkcode $? 
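Review bot: The new call `bash verify-everything.sh "$attribution_passhrase"` misspells the variable (missing `p`), so the script receives an empty first argument and, if it uses that argument, the sanity check does not test the real passphrase; it should read `bash verify-everything.sh "$attribution_passphrase"`. Nothing in the visible lines enables `set -u`, which would have turned this into an error. Passing the passphrase as an argument to both helper scripts also places it in the process table for as long as they run, so reading it from stdin or an inherited environment variable would keep it out of `ps` output. The unchanged `printf "$attribution_passphrase"` in the checksum pipeline uses the passphrase as a format string, so a `%` or backslash in it changes the bytes that are hashed. `printf '%s' "$attribution_passphrase"` avoids that, provided the verification script, not shown here, is changed to match.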
@@ -178,22 +208,24 @@ echo echo "input keystore passphrase (again):" read -r -s keystore_passphrase_check echo + if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1 exit 1 else echo -e "keystore passphrases... \e[1;32mOK!\e[0m" fi + printf "unsetting keystore passphrase checl" unset keystore_passphrase_check > /dev/null 2>&1 checkcode $? printf "archivin keys..." -7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "attribution_passphrase_*" -p"$keystore_passphrase" -mhe=on # > /dev/null 2>&1 +7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "attribution_passphrase_*" -p"$keystore_passphrase" -mhe=on > /dev/null 2>&1 checkcode $? printf "testing key archive..." -7z t "keystore/keystore_${unix_seconds}.7z" -p"$keystore_passphrase" # > /dev/null 2>&1 +7z t "keystore/keystore_${unix_seconds}.7z" -p"$keystore_passphrase" > /dev/null 2>&1 checkcode $? printf "unsetting keystore passphrase" @@ -204,4 +236,4 @@ printf "resetting environment..." reset checkcode $? -echo -e "\n\n\033[0;32mdone :3\033[0m\n\n" +echo -e "\033[0;32mdone :3\033[0m"
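Review bot: Both `7z` lines changed in this hunk pass the keystore passphrase as `-p"$keystore_passphrase"`, which exposes it in the process list to other local users while 7z runs. 7z can prompt for the password itself when `-p` is given without a value, though that needs its terminal output left visible; at minimum the exposure deserves a comment such as `# NOTE: passphrase is visible in argv while 7z runs`. With `> /dev/null 2>&1` re-enabled, a failing `7z a` or `7z t` now reports only through `checkcode $?`; discarding stdout alone (`> /dev/null`) would keep the diagnostic on stderr.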